Posts Tagged ‘Security’

Health care management is lot about analyzing and assorting risk possibilities that can threaten or disrupt the infrastructure and workability of an institution. Unlike other sectors health care industry cannot work on compromises. It has to constantly upgrade itself for better deliverance and to tackle several managerial issues.

 The security factor counts high when it comes to health care management. Several Acts and declarations passed by the federal government deals with protection of risks against:

  • Malfunctioning of computing system because of a malware/ virus
  • Unprecedented accidents like fire
  • Theft of information by employee
  • Unintentional damage to hardware and software
  • Removal of data and records etc

Apart from the aforesaid factors it is also necessary to understand how a management is liable to protect personal information of a patient. Infact with several data breach incidents that has been lately filed in news columns, patients are enquiring about their rights to data protection and are also taking legal aid from professional attorneys in order to safeguard their interests during data breach. This awareness has in turn boosted administrative set up to implement proper protection programs to reduce security threats.

 Some points have been enlisted below that can help medical care units/ organizations reduce security breaches:

  •  Appropriate training for concerned executives is a must. People who are in charge of such security acts should be efficiently trained in soft skill application. Emergency restorative plans should be pre-formulated along with adequate recruitment of trained personnel.
  •  Risks should be analyzed on the basis of Private Health Information Act. Negligence should not be tolerated and an employee should be reprimanded of bad/ indifferent/ ignorant conduct.

 While the above two points illustrates much on employee performance and conduct from hereon we will discuss how important it is to engage technical security tools to properly systemize and mitigate system failure risks.

  •  HIPAA and HITECH has enumerated strict compliance protocol that needs a company to observe severe technical back up plans either or restorative purpose or for performing a calibrating task. NPDB usage has become popular with hospitals and medical centers. They enable remote access, proper data storage and data transfer in a secured manner. Also installing robust anti-virus protection, anti-spam, firewall, VNP and IDS programs are a must when handling security system integral to an industry.
  • Planning a cost effective budget regarding maintenance and security needs is a must. Manual work would probably take much more time and money than technical operatives.
  • Finally having a risk management plan is essential to cope with loss or theft of PHI and NPP.

Piracy

Shocking software theft numbers were reveled by Business Software Alliance.   In spite of high dollar amount, BSA found piracy rate dropped by 1% in year 2010.   Study showed emerging economies to account for more than half the global value of PC Software theft,  $31.9 billion.

 It was not surprising to find computer users to be confused about the legal or illegal ways of acquiring software.  This was especially true in high-piracy markets.  On the other hand, 81% of users who participated in study found licensed software to be more secure and reliable.  This clearly shows that people appreciate the benefits of legal version of software.

You can read more about this study on BSA website.

Do you know anyone who use pirate software ?  How do you find legal software copies different than the illegal version ?

facebook-safety4
  

Your profile may not be currently protected.  Simply follow these direction to update and protect  your facebook profile.   Make sure to pass this guide to friends so that they can protect their profile as well.

Step 1.) Select “Account Settings”

Step 2.) Select “Account Security”

Step 3.) Select Various Security Features

 

Secure Browsing (https)

First security feature allows you to connect with facebook in a secure connection.  This is a “must have” feature for folks who connect to facebook from unsecure places such as starbucks and other open Wi-Fi locations.  

 It is very easy to read data from computers using wireless network in unsecure locations.   Hacker using a “traffic sniffer” tool can easily see everything you are sending or receiving via Wi-Fi network.

Secure Browsing feature will protect your profile from those who might be using “traffic sniffers” at open Wi-Fi location.   This feature will make sure you never connect to facebook from unsecure link. 

Login Notifications

You can choose to be notified via text message or email if some one tries to access your account from unrecognized computer or other device such as iPhone, Andriod Phone or other smart phone. 

Login Approvals

You can further enhance security of your profile by having a special code sent to your phone.  In order to register new device with your profile, you will have to enter the activation code sent your phone.   In other words,  no one can access your facebook profile even if they have your password.  

Go ahead, and secure your profile now.  Don’t forget pass this safety tips to your friends.  Simply tweet it or share it on facebook.

Small businesses spend hours planning their sales strategies and bouncing merchandising ideas but often overlook disaster recovery and business continuity planning.   Couple months ago one of my friends retail store got broken into.   Alarm went off and police arrived at the scene in about an hour.  Off course bad guys were long gone by then.    Police called the store owner but he didn’t pick up the phone.  

Everyone was shocked and surprised next morning when they found the front window broken.  Employee called police only to learn that break in happened last time and cops has already been there.  Office on the phone advised them not to touch anything in the store and just wait there until police take the finger print.   Four employees complied with police request and patiently waited outside the store.

After 6 hours of long wait, police officer arrived at the scene.   She took some finger prints from the door and asked the employees to take the store inventory.   Employees quickly crunched some numbers and gave their statement to police.  It was almost 7 Pm and time for everyone to go back home.  But everyone was wondering what to do with the broken window.   This debate took almost couple hours. Employees decided to put a wooden panel in front of the broken window.    Couple guys went to home depot, purchased the wooden panel and taped it to the broken window.   After 10 hours of ordeal employees went home.

Next morning, owner returned and learned about the situation.   After getting the situation under control he called me to discuss what has happened.  Here are the things we found:

  • Alarm Company only had owner as point of contact.
  • Employee didn’t know what do in case store had a break in.
  • There were no procedures in place to deal with the situation.

My friend lost about $500 in break in, $3500 in lost revenue and $800 in payroll.  This business could have saved over $4500 if they just had Business Continuity Plan in place.  How to deal with situation before it happens is the key part of Business Continuity Planning.   It should include step by step process for you and your staff to follow, covering such items as restoring data, phone service, website, POS system, Servers, Printers and all other essentials needed to restore your organization’s operational capability.

Your Disaster Recovery plan should also include the procedures to contact law enforcement, hospital, insurance company, vendors and anyone else involved with your company.   Often time, these procedures are forgotten and are very hard to find when needed. Therefore, it is also important to make multiple copies of these documents on intranet, in store manual and backup copies off site.

Staff should be initially trained and drill should be carried out to ensure that procedures can be followed in case of disaster.  In addition, reminders should be sent via email every couple months and regular training meetings should include the segment about disaster recovery.